Security Fix: xine-lib
Another batch of updates has been released today, along with one security fix for xine-lib. This time, a replacement for util-linux is now available, along with some modifications for mysql (administrators should check /etc/rc.d/rc.mysqld for the changes that Pat noted).
Here's the latest -Current changelog:
Tue Apr 1 02:41:32 CDT 2008
a/acl-2.2.47_1-i486-1.tgz: Upgraded to acl-2.2.47_1.
a/attr-2.4.41_1-i486-1.tgz: Upgraded to attr-2.4.41_1.
a/etc-12.1-noarch-4.tgz: Give the mysql user a /bin/false "shell".
Thanks to Noel for the suggestion.
a/lilo-22.8-i486-12.tgz: Fixed a bug where liloconfig might not properly determine the root directory where /boot is found.
a/sysvinit-scripts-1.2-noarch-20.tgz: Fixed a bug in rescan-scsi-bus that was exposed by the CONFIG_SCSI_MULTI_LUN kernel option (which _should_ also make rescan-scsi-bus unnecessary). Thanks to Kem Prims for the bug report.
Keep /usr/share/mime's mime.cache file updated.
a/util-linux-2.12r-i486-6.tgz: Removed. See below.
a/util-linux-ng-2.13.1-i486-1.tgz: Added util-linux-ng-2.13.1, which replaces the old util-linux package. To install, either use upgradepkg with the "%" option, or do this: installpkg util-linux-ng-2.13.1-i486-1.tgz ; removepkg util-linux ; installpkg util-linux-ng-2.13.1-i486-1.tgz
Thanks to Robby Workman for a lot of help with this package update.
a/xfsprogs-2.9.7_1-i486-1.tgz: Upgraded to xfsprogs-2.9.7_1.
ap/alsa-utils-1.0.15-i486-3.tgz: Don't load the mixer settings until after the OSS modules have been loaded. Eliminate 'awk' usage in rc.alsa, using sed and tr instead. Thanks to Tomas Matejicek for the patch.
ap/dmapi-2.2.8_1-i486-1.tgz: Upgraded to dmapi-2.2.8_1.
ap/man-pages-2.79-noarch-1.tgz: Upgraded to man-pages-2.79, and retained the POSIX pthread_* man pages this time. Thanks to Rastislav Stanik.
ap/mysql-5.0.51a-i486-2.tgz: Modified /etc/rc.d/rc.mysqld's database installation instructions to take into consideration that the mysql user no longer has a login shell. In addition, the admin is told to consider locking the database server down even further (if possible) by using the mysql_secure_installation utility. Thanks again to Noel.
ap/xfsdump-2.2.48_1-i486-1.tgz: Upgraded to xfsdump-2.2.48_1.
l/libglade-2.6.2-i486-2.tgz: Rebuilt with --libdir=/usr/lib. Without this, libglade-2.0.la incorrectly inserts '/usr/local/lib' in the .la file.
Thanks to Steve Kennedy for the bug report.
l/libgsf-1.14.8-i486-1.tgz: Upgraded to libgsf-1.14.8.
n/net-tools-1.60-i486-2.tgz: Recompiled with latest Debian patch.
n/nfs-utils-1.1.2-i486-1.tgz: Upgraded to nfs-utils-1.1.2.
n/nmap-4.60-i486-3.tgz: Fixed the build script (third time's the charm?) to use DESTDIR and remove the one item (useless, IMHO, within a package system) that still can't get DESTDIR right: uninstall_zenmap.
Thanks to Conraid and Mauro Ghisoni for walking me through this one. :-)
n/openssh-4.9p1-i486-1.tgz: Upgraded to openssh-4.9p1.
n/wget-1.11.1-i486-1.tgz: Upgraded to wget-1.11.1.
x/scim-1.4.7-i486-5.tgz: Fixed scim.desktop to have more information, and to place the SCIM startup utility in the "Utilities" menu rather than having it fall into "Lost & Found". Thanks to Hon Yuen Kwun for the initial patch.
x/xf86-video-intel-184.108.40.2062-i486-1.tgz: Upgraded to xf86-video-intel-220.127.116.112.
xap/xine-lib-18.104.22.168-i686-1.tgz: Earlier versions of xine-lib suffer from an integer overflow which may lead to a buffer overflow that could potentially be used to gain unauthorized access to the machine if a malicious media file is played back. File types affected this time include .flv, .mov, .rm, .mve, .mkv, and .cak.
For more information on this security issue, please see:
(* Security fix *)
isolinux/initrd.img: Patched to have /etc/fstab mount /dev/shm. Updated XFS utilities.
usb-and-pxe-installers/: Patched to have /etc/fstab mount /dev/shm.
Updated XFS utilities.